Quoting Michal Vyskocil
I would say having .keyring with a package, proposed by Ludwig, is better solution. It increases a flexibility and reduce the need of the special package for submission.
Security vs comfort/flexibility... as usual :)
I agree that a manual review is not the coolest approach ever, but that
1.) Can't be easily workarounded 2.) Needs to be done only for the first time - all other changes will be rare
But it is a good idea to have something in a webui showing big-red-something during .keyring file change.
This part I consider really important for 'us' reviewers... I'm afraid it's too easy to be missed otherwise.. if we add a 'big red warning' we can also link to a 'review howto'.. as we will likely not to it daily :) Dominique -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org